<?php
require_once "class.Pass.php";

class UserSecurity extends Pass {
    private $secure = false;
 
    function __construct ( User $User, $dbcnx ) {
        $this->secure = $this->doSecure ( $User, $dbcnx );
    } // --
    
    function doSecure ( User $User, $dbcnx ) {
        $result = array ();
    
        if ( $this->trimmer($User) ) $result[] = true; else $result[] = false; 
        if ( $this->sqlInjectSupressor($User, $dbcnx) ) $result[] = true; else $result[] = false; 
        if ( $this->htmlInjectSupressor($User) ) $result[] = true; else $result[] = false; 
    
        if ( $User->task == 'add' ) {                    
            if ( $this->f2() ) $result[] = true; else $result[] = false;   // sample function
        }
        
        if ( $User->task == 'signin' ) {            
        }   

        
        if ( in_array(false, $result) ) { $this->setMess ( "Security process error" );  return false; }
        else   return  true; 
    } // --  

    function getSecurity () { return $this->secure; }
    
    function trimmer ( User $User ) { 
        $User->setLogin( trim($User->getLogin()) );
        $User->setPass( trim($User->getPass()) );
        $User->setPass_confirm( trim($User->getPass_confirm()) );
        $User->nick = trim ( $User->nick );
        $User->email = trim ( $User->email );
        $User->url = trim ( $User->url );
        $User->img_path = trim ( $User->img_path );
        
        return true; 
    } // --
    
    function sqlInjectSupressor (  User $User, $dbcnx ) {
        $User->setLogin( $this->checkInput ( $User->getLogin() ) ) ; 
        $User->setPass( $this->checkInput ( $User->getPass() ) ) ; 
        $User->setPass_confirm( $this->checkInput ( $User->getPass_confirm() ) ) ; 
        $User->nick = $this->checkInput ( $User->nick ) ; 
        $User->email = $this->checkInput ( $User->email ) ; 
        $User->url = $this->checkInput ( $User->url ) ; 
        $User->img_path = $this->checkInput ( $User->img_path ) ;        
        
        return true; 
    } // --
    
    function checkInput ( $value ) {
        // Stripslashes
        if ( get_magic_quotes_gpc() )
          $value = stripslashes($value);
          
        // Quote if not a number
        if ( !is_numeric($value) )
          $value = "'" . mysql_real_escape_string( $value ) . "'";
          
        return $value;
    } 
    
    function htmlInjectSupressor (  User $User ) {
        $User->setLogin( $this->checkHtml ( $User->getLogin() ) ) ; 
        $User->setPass( $this->checkHtml ( $User->getPass() ) ) ; 
        $User->setPass_confirm( $this->checkHtml ( $User->getPass_confirm() ) ) ; 
        $User->nick = $this->checkHtml ( $User->nick ) ; 
        $User->email = $this->checkHtml ( $User->email ) ; 
        $User->url = $this->checkHtml ( $User->url ) ; 
        $User->img_path = $this->checkHtml ( $User->img_path ) ; 
        
        return true; 
    } // --
    
    function checkHtml ( $value ) {         
         return  strip_tags( $value ); 
    } // --
    
    function f2 () { return true; }
    
  
} // -- end of UserSecurity
?>